freetype: CVE-2007-3506: memory buffer overwrite bug

Related Vulnerabilities: CVE-2007-3506  

Debian Bug report logs - #432013

Reported by: "Alec Berryman" <alec@thened.net>

Date: Fri, 6 Jul 2007 16:51:02 UTC

Severity: grave

Tags: security

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Steve Langasek <vorlon@debian.org>:
Bug#432013; Package freetype.


Acknowledgement sent to "Alec Berryman" <alec@thened.net>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Steve Langasek <vorlon@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: "Alec Berryman" <alec@thened.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: freetype: CVE-2007-3506: memory buffer overwrite bug
Date: Fri, 06 Jul 2007 11:49:47 -0500
Package: freetype
Severity: grave
Tags: security

CVE-2007-3506 [0]:

The ft_bitmap_assure_buffer function in src/base/ftbitmap.c in FreeType
2.3.3 allows context-dependent attackers to cause a denial of service
and possibly execute arbitrary code via unspecified vectors involving
bitmap fonts, related to a "memory buffer overwrite bug."

This vulnerability may allow access to the accounts of users who use the
package.  The original bug report [1] provides instructions on how to
reproduce the issue, but I have been unable to do so.  The CVE links to
a patch from freetype's CVS [2]; the code appears to have changed
between Debian's 2.2 and upstream's 2.3 enough that I can't locate where
in ftbitmap.c the offending code exists (if at all).

If this does turn out to affect Debian's version, please note the CVE in
the changelog.

Thanks,

Alec

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3506
[1] http://savannah.nongnu.org/bugs/index.php?19536
[2] http://cvs.savannah.nongnu.org/viewvc/freetype2/src/base/ftbitmap.c?root=freetype&r1=1.17&r2=1.18&diff_format=u

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility.


Notification sent to "Alec Berryman" <alec@thened.net>:
Bug acknowledged by developer.


Message #10 received at 432013-done@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: Alec Berryman <alec@thened.net>, 432013-done@bugs.debian.org
Subject: Re: Bug#432013: freetype: CVE-2007-3506: memory buffer overwrite bug
Date: Sat, 7 Jul 2007 15:59:16 -0700

Hi Alec,

On Fri, Jul 06, 2007 at 11:49:47AM -0500, Alec Berryman wrote:
> The ft_bitmap_assure_buffer function in src/base/ftbitmap.c in FreeType
> 2.3.3 allows context-dependent attackers to cause a denial of service
> and possibly execute arbitrary code via unspecified vectors involving
> bitmap fonts, related to a "memory buffer overwrite bug."

> This vulnerability may allow access to the accounts of users who use the
> package.  The original bug report [1] provides instructions on how to
> reproduce the issue, but I have been unable to do so.  The CVE links to
> a patch from freetype's CVS [2]; the code appears to have changed
> between Debian's 2.2 and upstream's 2.3 enough that I can't locate where
> in ftbitmap.c the offending code exists (if at all).

Thank you for the report.  I have reviewed the code in question, and am
confident that the vulnerability does not exist in Freetype 2.2.1, having
been introduced in a later reorganization of the ftbitmap.c code.  I'm
therefore closing this report, as no action is necessary for the Debian
packages.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 05 Aug 2007 07:25:46 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:08:56 2019; Machine Name: buxtehude
